More than half of nation-state cyber attacks in the last year have originated from Russia, Microsoft has revealed in a new report.
According to the firm’s annual Digital Defense Report, 52 per cent of state-sponsored hacking attempts between July 2019 and June 2020 were Russian in origin.
Exactly a quarter during this time period came from Iran, 12 per cent from China and the remaining 11 per cent from North Korea and other countries.
Cyber operations have targeted global events, including elections and individuals tied to political campaigns, as well as the Olympic Games and the current pandemic.
Every country in the world has seen at least one Covid-19-themed attack since the pandemic began, Microsoft claims.
The number of successful attacks has increased along with Covid-19 outbreaks as ‘fear and the desire for information’ has grown.
The themes of dodgy links and scamming attempts are a reflection of ‘the contemporary issues of the day’, Microsoft said.
For example, clicking a link to a purported Covid-19 cure can result in a computer becoming infected with viruses.
Microsoft’s annual report analyses trillions of threat signals from PCs, ‘smart home’ devices, and emails to estimate total cyber security over the course of a year.
‘Cybercriminals are opportunistic and have capitalised on interest and fear related to the Covid-19 pandemic and other disruptive events,’ said Mary Jo Schrade at Microsoft Digital Crimes Unit Asia.
‘They have expanded the way they leverage computers that are infected with malware, adding modules or changing the nature of the attacks for which they leverage them.
‘They have also focused on targeting their ransomware activities toward entities that cannot afford to be offline or without access to records during critical periods of the pandemic, like hospitals and medical research institutions.
‘Concerted efforts from organisations, governments and businesses are key to addressing these wide-ranging online threats.’
When a Microsoft customer – either a single person or organisation – is targeted or compromised by nation state activities that the firm tracks, Microsoft delivers something called a nation state notification (NSN) to the customer.
Microsoft said it has issued 13,000 alerts about nation-state hacking attempts to its customers in the last two years.
Russia, the worst offender for such attempts observed by Microsoft, has a history of launching disruptive and potentially destructive attacks ‘in response to perceived anti-Russian actions in international sport’.
Before the Olympic Games in 2016 and 2018, suspected Russia-based threat actors stole and leaked athletes’ sensitive medical data and rendered inoperable the servers comprising the IT backbone of the Olympic Games.
And as the world prepared for the Tokyo Summer Olympic Games this year – which have been postponed because of Covid-19 – at least 16 national and international sporting and anti-doping organisations across three continents were targeted.
The US took the brunt of the cyber attacks in the past year, followed by the UK, Microsoft intelligence revealed.
More than two thirds – 69 per cent – of the NSNs sent by Microsoft from July 2019 to June 2020 were to customers in the US.
19 per cent were sent to UK customers, followed by 5 per cent in Canada, 4 per cent in South Korea and 3 per cent in Saudi Arabia.
Iran, which accounted for the second-largest number of hacking attempts behind Russia, was the source of increasing cyber activity.
In a 30-day period between August and September 2019, Microsoft observed Iran-based hackers attacking 241 accounts of Microsoft customers.
The targeted accounts were associated with a US presidential campaign, current and former US government officials, journalists covering global politics and prominent Iranians living outside Iran.
As the November 2020 US Presidential election gets closer, Microsoft said it’s likely to see this nefarious activity increase.
As for China, a suspected nation state group operating there compromised accounts at a US university involved in Covid-19 vaccine research in March.
And nation state actors from both North Korea and Iran targeted global university experts that influence international policy on topics like international security, nuclear weapons and human rights.
Microsoft said non-governmental organisations are the most heavily targeted, including non-profits, think tanks, advocacy groups and human rights organisations.
This was followed by government organisations, IT firms, higher education, professional services and then international organisations, such as those involved in work with refugees.
In terms of Covid-themed attacks, China, the US and Russia were hit the worst, showing that some of the worst offenders are in the same nation as some of their victims.
Attackers are using the global pandemic to broadly target consumers who want information, as well as to specifically target hospitals and healthcare providers.
In the US, Covid-themed malware encounters peaked in March, just as American awareness of the coronavirus was starting to spread, and again in June.
In the UK, they started to climb dramatically in February and peaked at more than 70,000 on March 14, just over a week before the full lockdown came into effect.
‘As the virus spread globally, cybercriminals pivoted their lures to imitate trusted sources like the World Health Organisation (WHO) and other national health organisations, in an effort to get users to click on malicious links and attachments,’ the report says.
‘Adversaries used the Covid-19 theme to socially engineer lures around the anxiety and the flood of information associated with the pandemic.
‘[Cybercriminals] seek to blend their well-established tactics and malware with human curiosity and our need for information… it’s a common understanding to “never waste a crisis”.’
Microsoft is urging organisations to give employees phishing training. Phishing is where targets are contacted by email, telephone or text message to steal personal information.
Elsewhere in the 88-page report, Microsoft revealed it blocked more than 13 billion malicious and suspicious mails in 2019.
Out of this total, more than 1 billion were URL-based phishing threats – URLs set up for the explicit purpose of launching a phishing credential attack.
Microsoft is urging organisations to tell their staff to ‘say something if they see something’ like a dodgy phishing email.
‘Determining what areas of behaviour are driven by a lack of knowledge will best be addressed with a “training first” approach,’ the report says.
‘Areas where employees have the knowledge but are still not displaying desired security behaviours should be addressed through other efforts, like targeted campaigns, leadership messaging, outreach events, and a closer look at process and procedures.’
The new analysis is based on data from more than 1.2 billion PCs, servers and IoT devices that accessed Microsoft services, as well as data from 630 billion authentication events, 470 billion emails and more than 18 million URLs.